Commit message | Author | Age | Files | Lines
...
* Revert "selftest/skip: add samba.tests.samba_tool.gpo until it's stable" | Andrew Bartlett | 2012-11-13 | 1 | -1/+0
  This reverts commit 47bbf9886f0cebf994435a32bafa07e36cce191b.
  This test appears to be stable now, but the changes in the previous commit should allow the real error to be found if it comes back.
  As requested by metze.
  Andrew Bartlett
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Nov 13 01:45:04 CET 2012 on sn-devel-104
* selftest: Avoid returning errors (rather than failures) in gpo test | Andrew Bartlett | 2012-11-13 | 1 | -2/+4
  This should help find the real cause of the flakey test, if it ever returns.
  Andrew Bartlett
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* s3:winbind: BUG 9386: Failover if netlogon pipe is not available. | Andreas Schneider | 2012-11-12 | 1 | -13/+39
  Samba continues to query a broken DC while the DC did not finish to rebuild Sysvol (after a Windows crash, for example). It causes end users to receive strange codes while trying to authenticate, even if there is a secondary DC available.
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
* Use work around for 'winbind use default domain' only if it is set | Sumit Bose | 2012-11-12 | 1 | -1/+2
  Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator character is always added to the user name returned by Get_Pwnam_alloc() if it does not contain the winbind separator character. As comments in the code indicate this is done as a work around if 'winbind use default domain' is set to yes in the samba configuration.
  This makes sense if the option is set because otherwise the domain information is lost from the user name. But it causes errors if other services than winbind are used for user lookup, e.g. sssd. sssd can handle different kinds of fully qualified user names as input, e.g. user@domain.name or DOM\user, but returns a canonical name, by default user@domain.name.
  While it would be possible to get around this issue with a special configuration either on the sssd or samba side I think the cleaner solution is to use the work around only if 'winbind use default domain' is set to yes which is what this patch does.
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Reviewed-by: Alexander Bokovoy <ab@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
* ntp_signd: Only allow group access to the ntp signd directory. | Andrew Bartlett | 2012-11-12 | 1 | -1/+1
  Existing installations running ntp as group 'ntp' will need to change the permissions on the ntp_signd socket directory (eg PREFIX/lib/ntp_signd or /var/lib/samba/ntp_signd)
  The reason is that allowing other users on the host access to this directory would allow them to potentially spoof time on the network, or attack the password database with a chosen plaintext attack.
  Permissions should be changed to:
    ownership root:ntp (if ntp runs as gid ntp)
    mode 0750 (this is what it will be created as)
  If the permissions are not changed, Samba will refuse to start the ntp_signd server, and NTP operations will not be signed. As the error is declared fatal, in the future, Samba may totally refuse to start.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Mon Nov 12 12:36:30 CET 2012 on sn-devel-104
* ntp_signd: move socket directory to var/lib not var/run for permissions change | Andrew Bartlett | 2012-11-12 | 1 | -2/+2
  With the next patch, this becomes a socket directory on which we must maintain administrator-specified permissions we will need to move it away from directories that wipe at boot.
  This means the ntp.conf will need to change from (eg)
    ntpsigndsocket /usr/local/samba/var/run/ntp_signd/
  to
    ntpsigndsocket /usr/local/samba/var/lib/ntp_signd/
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* s4:dsdb/acl_read: make sure confidential attributes require CONTROL_ACCESS (bug #8620) | Stefan Metzmacher | 2012-11-12 | 1 | -0/+4
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Mon Nov 12 01:25:21 CET 2012 on sn-devel-104
* s4:dsdb/acl_read: fix whitespace formatting errors | Stefan Metzmacher | 2012-11-12 | 1 | -124/+128
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/acl: only give administrators access to attributes marked as confidential (bug #8620) | Stefan Metzmacher | 2012-11-12 | 1 | -0/+87
  The full fix will be to implement and use the code of the read_acl module, but this is better than nothing for now.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/acl: reorganize the logic flow in the password filtering checks | Stefan Metzmacher | 2012-11-12 | 1 | -54/+92
  This avoids some nesting levels and does early returns.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s4:dsdb/acl: fix search filter cleanup for password attributes | Stefan Metzmacher | 2012-11-12 | 1 | -1/+1
  We need to do this when we're *not* system.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Avoid test cross-contamination in samba.tests.posixacl | Andrew Bartlett | 2012-11-12 | 1 | -81/+59
  This creates a new xattr.tdb per unit test, which avoids once and for all the issue of dev/inode reuse.
  For test_setposixacl_dir_getntacl_smbd the file ownership is also set specifically.
  Andrew Bartlett
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* selftest: Add tests for expected behaviour on directories as well as files | Andrew Bartlett | 2012-11-11 | 1 | -0/+197
  This is important because it covers the codepath which had the talloc error fixed by commit 60cf4cb5a630506747431ecbf00d890509baf2f3 (vfs_acl_common: In add_directory_inheritable_components allocate on psd as parent)
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Sun Nov 11 15:48:10 CET 2012 on sn-devel-104
* pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl() | Andrew Bartlett | 2012-11-12 | 2 | -3/+3
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* selftest: Make samba.tests.ntacl also use TestCaseInTempDir | Andrew Bartlett | 2012-11-12 | 1 | -37/+31
  This follows on from the successful conversion of samba.tests.posixacl.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* samba-tool: Rework ldap attribute fetch in classicupgrade for missing attributes | Andrew Bartlett | 2012-11-12 | 1 | -17/+24
  It is not required that these additional attributes be filled in, so catch KeyError in both the nsswitch and ldap backend case.
  We rework get_posix_attr_from_ldap_backend() so it raises KeyError rather than trying to return None, and does not ignore other errors.
  Andrew Bartlett
  Tested-by: Chirana Gheorghita Eugeniu Theodor <office@adaptcom.ro>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
* s3:smbd: Fix typo in got_duplicate_group check | Arvid Requate | 2012-11-10 | 1 | -1/+1
  Reviewed by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
* build: add DMAPI configure option and checks | Christian Ambach | 2012-11-09 | 2 | -1/+65
  the waf build was missing the --with-dmapi option and configure checks that are necessary to build the source3 parts that need DMAPI (e.g. vfs_tsmsm)
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178
  Signed-off-by: Christian Ambach <ambi@samba.org>
  Autobuild-User(master): Christian Ambach <ambi@samba.org>
  Autobuild-Date(master): Fri Nov 9 20:57:31 CET 2012 on sn-devel-104
* build(waf): support AIX 6.1 | Christian Ambach | 2012-11-09 | 1 | -1/+1
  on AIX6.1, we need to define _ALL_SOURCE as well, otherwise system headers with BSD types like u_int cannot be used
* doc: list arguments for rpcclient FSRVP commands | David Disseldorp | 2012-11-09 | 1 | -8/+15
  Reviewed-by: Andreas Schneider <asn@samba.org>
  Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
  Autobuild-Date(master): Fri Nov 9 18:21:39 CET 2012 on sn-devel-104
* doc: describe samlogon cache caveat for winbindd -n | David Disseldorp | 2012-11-09 | 1 | -2/+4
  The samlogon cache is never bypassed, even when winbindd is run with the -n argument.
  See https://bugzilla.samba.org/show_bug.cgi?id=9125
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Revert "s3-winbindd: make sure we obey the -n switch also for samlogon cache access." | David Disseldorp | 2012-11-09 | 4 | -13/+3
  This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
  Bug 9125 analysis from Volker:
  The problem is that there are no network calls possible at all that would do what the samlogon cache does for us. There is just no way to retrieve the group membership in a complex trusted environment. If you have just a single domain with Samba as domain controller it might be possible, but even within a single domain it is not possible to correctly retrieve all group memberships using LDAP calls due to ACLs on directory objects. The call to get that is called NetSamLogon on the NETLOGON pipe. But this call requires user credentials and might trigger updating counts on the server.
  So to correctly implement wbinfo -r after a user has logged in, you have two alternatives: Save the info3 struct or the PAC in the netsamlogon cache. If you insist on doing network calls, you need to cache the user credentials somewhere to re-do the NetSamLogon call every time the wbinfo -r is requested.
  Reviewed-by: Andreas Schneider <asn@samba.org>
* Makefile: Allow specifying PYTHON environment variable. | Jelmer Vernooij | 2012-11-09 | 1 | -1/+2
  This is required for Minix, where python is named "python2.X".
  Reviewed-by: Simo Sorce <idra@samba.org>
  Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date(master): Fri Nov 9 16:39:09 CET 2012 on sn-devel-104
* configure: Support specifying PYTHON environment variable to run waf. | Jelmer Vernooij | 2012-11-09 | 1 | -1/+1
  This is necessary to run configure on Minix, where python is named "python2.X".
  Reviewed-by: Simo Sorce <idra@samba.org>
  Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
* torture: Fix smb2.create.blob test. | Andreas Schneider | 2012-11-09 | 1 | -1/+4
  Reviewed-by: David Disseldorp <ddiss@samba.org>
  Autobuild-User(master): David Disseldorp <ddiss@samba.org>
  Autobuild-Date(master): Fri Nov 9 14:53:27 CET 2012 on sn-devel-104
* samba-tool: Fix typo in --help output. | Karolin Seeger | 2012-11-09 | 1 | -1/+1
  Signed-off-by: Karolin Seeger <kseeger@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Fri Nov 9 11:04:50 CET 2012 on sn-devel-104
* s4-drs: Remove unused var | Matthieu Patou | 2012-11-09 | 1 | -3/+0
  Signed-off-by: Matthieu Patou <mat@matws.net>
* s3fs-client: Burn commandline password of client utils. | Andreas Schneider | 2012-11-08 | 6 | -0/+10
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Thu Nov 8 21:24:21 CET 2012 on sn-devel-104
* s3fs-popt: Add function to burn the commandline password. | Andreas Schneider | 2012-11-08 | 2 | -0/+48
  Signed-off-by: Andreas Schneider <asn@samba.org>
  Reviewed by: Jeremy Allison <jra@samba.org>
* Remove two unused variables | Volker Lendecke | 2012-11-07 | 1 | -1/+0
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
  Autobuild-User(master): Michael Adam <obnox@samba.org>
  Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
* lib/util: Simplify bitmap.c a bit | Volker Lendecke | 2012-11-07 | 1 | -7/+6
  This avoids the double-talloc for bitmaps
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* lib/util: Make "struct bitmap" abstract | Volker Lendecke | 2012-11-07 | 2 | -4/+6
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Michael Adam <obnox@samba.org>
* heimdal_build: Fix finding of system heimdal. | Jelmer Vernooij | 2012-11-06 | 1 | -26/+29
  When checking for Heimdal headers, make sure HAVE_CONFIG_H is not defined, as config.h will not be available.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Jelmer Vernooij <jelmer@samba.org>
  Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
  Autobuild-Date(master): Tue Nov 6 16:27:03 CET 2012 on sn-devel-104
* heimdal_build: HEIMDAL_LIBRARY(): Remove unused cflags argument. | Jelmer Vernooij | 2012-11-06 | 1 | -2/+1
* selftest/skip: add samba.tests.samba_tool.gpo until it's stable | Stefan Metzmacher | 2012-11-06 | 1 | -0/+1
  See:
    https://git.samba.org/autobuild.flakey/2012-11-06-0314/samba.stdout
    https://git.samba.org/autobuild.flakey/2012-11-06-0514/samba.stdout
    https://git.samba.org/autobuild.flakey/2012-11-06-0713/samba.stdout
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
  Autobuild-Date(master): Tue Nov 6 14:24:08 CET 2012 on sn-devel-104
* ldb_secrets_tdb_sync: Add dependency on gssapi. | Jelmer Vernooij | 2012-11-06 | 1 | -1/+1
  This is required when building with the system heimdal, as gssapi/gssapi_spnego.h is included.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Nov 6 05:12:28 CET 2012 on sn-devel-104
* dsdb: Rename _res argument to _result. | Jelmer Vernooij | 2012-11-06 | 1 | -6/+6
  Newer versions of heimdal include a macro that is unfortunately named '_res'. This change prevents the clash.
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* provision: Make dsacl2fsacl() take a security.dom_sid, not str | Andrew Bartlett | 2012-11-06 | 3 | -6/+5
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
  Autobuild-Date(master): Tue Nov 6 00:12:43 CET 2012 on sn-devel-104
* provision: Also walk directories checking ACLs | Andrew Bartlett | 2012-11-06 | 1 | -1/+1
  The directory walk was missed due to a cut-and-paste error.
  Andrew Bartlett
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* wintest: Try harder to recover from apparent failure to dcpromo | Andrew Bartlett | 2012-11-06 | 1 | -1/+12
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* selftest: check that samba-tool gpo works for basic operations | Andrew Bartlett | 2012-11-06 | 3 | -1/+65
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* dsdb: Simplify DsCrackNameOneFilter a bit | Volker Lendecke | 2012-11-06 | 1 | -1/+4
  For me "else" branches clutter my flow reading code. If we do a hard return at the end of an "if" branch, "else" is not required.
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba.abi: Fix abi_match with both excludes and includes. | Jelmer Vernooij | 2012-11-06 | 2 | -3/+20
  This fixes a regression introduced by 9c3e294400234ebdf9b98031bae583524fd0b0ac which caused internal symbols in libldb to be exposed.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=9357
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* wafsamba.samba_abi: Add basic unit tests. | Jelmer Vernooij | 2012-11-06 | 2 | -1/+51
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* buildtools: Remove extra space from global: line | Andrew Bartlett | 2012-11-06 | 1 | -1/+1
  This makes it easier to put the expected values in a file as we will not have trailing whitespace that is against git style.
  Andrew Bartlett
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* wafsamba.samba_abi: Refactor abi_write_vscript to take file argument. | Jelmer Vernooij | 2012-11-06 | 1 | -9/+13
  Signed-off-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Andrew Bartlett <abartlet@samba.org>
  Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* s3:smbd: pass the current time to make_connection[_smb1]() | Stefan Metzmacher | 2012-11-05 | 3 | -6/+9
  Otherwise smbstatus reports the wrong time for tree connects.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Reviewed-by: Christian Ambach <ambi@samba.org>
  Autobuild-User(master): Christian Ambach <ambi@samba.org>
  Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
* s3:utils fix a whitespace error | Christian Ambach | 2012-11-05 | 1 | -1/+1
* s3:vfs_default: optimize vfswrap_asys_finished() and read as much as we can | Stefan Metzmacher | 2012-11-05 | 1 | -16/+33
  Signed-off-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Mon Nov 5 19:01:13 CET 2012 on sn-devel-104
* lib/tsocket: optimize syscalls in tstream_readv_pdu_send() | Stefan Metzmacher | 2012-11-05 | 1 | -0/+29
  Once we've got the first part of a pdu we try to optimize readv calls for the rest of the pdu.
  Signed-off-by: Stefan Metzmacher <metze@samba.org>